It appears that T-Mobile has only recently squashed a rather serious bug that affected one of the company’s subdomains used by staff. In this case, promotool.t-mobile.com was not password protected, allowing anyone that stumbled across it to access stored data.
According to ZDNet, which first reported on the website bug, anyone could add

Source: Hot Hardware – T-Mobile Website Glitch Gave Hackers Access To Private Data On Millions Of Customers